FCP – FortiGate Administrator 7.4 — Question 62
Which two attributes are required on a certificate so it can be used as a CA certificate on SSL inspection? (Choose two.)
Answer options
- A. The issuer must be a public CA
- B. The CA extension must be set to TRUE
- C. The Authority Key Identifier must be of type SSL
- D. The keyUsage extension must be set to keyCertSign
Correct answer: B, D
Explanation
The correct attributes for a certificate to act as a CA for SSL inspection are that the CA extension must be set to TRUE (B) and the keyUsage extension must allow for keyCertSign (D). Option A is incorrect because the issuer does not need to be a public CA, and option C is incorrect as the Authority Key Identifier does not specifically relate to SSL type.